XSS vulnerability in Content-Type display in read_body
- By sending a specially crafted email an attacker could insert HTML code
in the attachment area of read_body.php. The Content-Type header was not
encoded before it was sent to the browser.
- Affected Versions:
- <= 1.4.3-RC1
- Register Globals:
- Register_globals does not have to be on for this issue.
- CVE ID(s):
- view patch
- Discovered by Roman Medina.
- This page last updated:
- 2007-07-03 13:00:45